Description
Sources Sought Notice
DESCRIPTION
This Sources Sought Notice is for informational and planning purposes only and shall not be construed as a solicitation or as an obligation or commitment by the Government. This notice is intended strictly for Market Research. This is a Request for Information only. This is NOT a solicitation for proposals, proposal abstracts, or quotations.
The Department of Veterans Affairs Olin E. Teague Veterans Medical Center Surgical Service in Temple, Texas intends to award a BRAND NAME OR EQUAL contract award for the purchase of ENTURO Scope Consumables. The Government is conducting a market survey to help determine the availability and technical capability of qualified service-disabled veteran-owned small businesses, veteran-owned small businesses, small businesses, HUBZone small businesses and/or other large businesses capable of serving the needs identified below. This notice of intent is for open market as well as Federal Supply Schedule items.
The purpose of this notice is to gain knowledge of potential qualified sources and their size classification/socioeconomic status (service-disabled veteran owned small business, veteran owned small business, women owned small business, HUB Zone, 8(a), small business or large business), relative to NAICS 334510 Electromedical and Electrotherapeutic Apparatus Manufacturing with a size standard of 1,250 Employees. Responses to this notice will be used by the Government to make appropriate acquisition decisions. A solicitation is not currently available. If a solicitation is issued, it will be announced on the Federal Business Opportunities website http://www.fbo.gov or GSA E-Buy at a later date, and all interested parties must respond to that solicitation announcement separately from the responses to this announcement.
Your responses to the information requested will assist the Government in determining the appropriate acquisition method, including whether a set-aside is possible.
| ITEM NUMBER | DESCRIPTION OF SUPPLIES/SERVICES | QUANTITY | UNIT | UNIT PRICE | AMOUNT |
|---|---|---|---|---|---|
| 0001 | LITHOTRIPSY TRANSDUCER ***BRAND NAME OR EQUAL*** | 3.00 | EA | | |
| 0002 | LITHOTRIPSY NOSE CONE ***BRAND NAME OR EQUAL*** | 3.00 | EA | | |
| 0003 | LITHOTRIPSY SYSTEM ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0004 | WORKING INSERT 8.5 MM 8FR ***BRAND NAME OR EQUAL*** | 6.00 | EA | | |
| 0005 | STERILIZATION TRAY ***BRAND NAME OR EQUAL*** | 5.00 | EA | | |
| 0006 | STERILIZATION MAT ***BRAND NAME OR EQUAL*** | 5.00 | EA | | |
| 0007 | BIOPSY FRCPS, SPOON TYPE OPTICAL ***BRAND NAME OR EQUAL*** | 2.00 | EA | | |
| 0008 | FLEXIBLE FOREIGN BODY FORCEPS 7F; LOCAL STOCK NUMBER: 520 ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0009 | CYSTO SHEATH 17FR ***BRAND NAME OR EQUAL*** | 2.00 | EA | | |
| 0010 | ATTACHMENT W/ AUTOVALVE FOR A3336 ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0011 | STERILIZATION TRAY HOLDER ***BRAND NAME OR EQUAL*** | 5.00 | EA | | |
| 0012 | STROBOSCOPY SYSTEM ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0013 | STERILE CASE FLEXIBLE VIDEO ***BRAND NAME OR EQUAL*** | 4.00 | EA | | |
| 0014 | LUER-SPLIT FORCEPS/IRRIGATION PLUG ***BRAND NAME OR EQUAL*** | 12.00 | EA | | |
| 0015 | SEAL KIT, 6-12FR ***BRAND NAME OR EQUAL*** | 5.00 | BX | | |
| 0016 | UNIVERSAL STOPCOCK LUER LOCK ***BRAND NAME OR EQUAL*** | 12.00 | EA | | |
| 0017 | STERILIZATION TRAY ***BRAND NAME OR EQUAL*** | 6.00 | EA | | |
| 0018 | STERILIZATION MAT ***BRAND NAME OR EQUAL*** | 6.00 | EA | | |
| 0019 | MOBILE TROLLEY SET 3 ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0020 | COMPACT LCD MONITOR ARM ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0021 | HD-SDI CABLE ***BRAND NAME OR EQUAL*** | 1.00 | EA | | |
| 0022 | SEMI INLINE RATCHET ***BRAND NAME OR EQUAL*** | 2.00 | EA | | |
| 0023 | MONOPOLAR HAND INSTRUMENT ***BRAND NAME OR EQUAL*** | 12.00 | EA | | |
| 0024 | DEACTIVATABLE RATCHET ***BRAND NAME OR EQUAL*** | 12.00 | EA | | |
| 0025 | FLUSHING PUMP ***BRAND NAME OR EQUAL*** | 2.00 | EA | | |
STATEMENT OF WORK
SURGICAL SERVICES ENDOSCOPE EQUIPMENT AND CONSUMABLES
(BRAND NAME OR EQUAL)
Introduction/Background
The Central Texas Veterans Healthcare System (CTVHCS) requires the purchase of specialized endoscopy equipment and consumables for use with its leased medical scope equipment. This equipment supports diagnostic and therapeutic procedures in the Surgical Services departments, including urology (URO), ear-nose-throat (ENT), and general surgical endoscopy (SE). These consumables are required for facilities in Temple and Austin. This procurement is crucial for ensuring the uninterrupted and safe performance of medical procedures by providing essential, compatible, and often single-use, accessories. This procurement shall be brand-name or equal in an attempt to maintain compatibility with the leased equipment across multiple CTVHCS facilities.
The base period for this purchase is for one year, with no optional years to extend the period of performance.
Statement of Need
To ensure the safe and effective operation of its newly leased scope equipment, the Central Texas Veterans Healthcare System (CTVHCS) must procure additional specialized endoscopy equipment and consumables that are compatible with VA-owned Olympus endoscope lithotripters and flush pumps. Without these specific, often single-use, items, such as specialized forceps, sterilization accessories, and system-compatible components, the advanced equipment would be rendered inoperable, directly jeopardizing patient care and procedural workflows. The objective is to establish a readily available supply chain for these consumables through a competitive process that maximizes participation from Service-Disabled Veteran-Owned Small Businesses (SDVOSBs), thereby ensuring uninterrupted service, upholding the highest standards of patient safety, and promoting seamless interoperability across all relevant CTVHCS facilities.
Scope of Work
Period of Performance
BASE: April 30, 2026 - April 29, 2027
This contract is for a single, one-time delivery of the specified quantity of consumables. No additional options for follow-on deliveries are included.
Final dates contingent upon contract award.
General Requirements
The Contractor shall, upon contract award, provide a one-time, bulk delivery of all consumables, accessories, and replacement items specified in the table below.
All items delivered must be fully compatible and interoperable with the existing leased scope systems utilized by the Surgical Services departments (Urology, ENT, and general Surgical Endoscopy) at CTVHCS facilities in Temple and Austin.
The Contractor is required to deliver the entire quantity of all requested items within 90 calendar days of the contract award date. No partial shipments are authorized unless explicitly approved in writing by the Contracting Officer.
Specific Consumables/Equipment by Department
The Contractor shall provide the following items in a single delivery, organized by the department that will utilize them.
(BRAND NAME OR EQUAL)
TEMPLE URO ***BRAND NAME OR EQUAL***

| ITEM DESCRIPTION | QTY |
|---|---|
| LITHOTRIPSY TRANSDUCER | 3 |
| LITHOTRIPSY NOSE CONE | 3 |
| LITHOTRIPSY SYSTEM | 1 |
| WORKING INSERT 8.5 MM 8FR | 6 |
| STERILIZATION TRAY | 5 |
| STERILIZATION MAT | 5 |
| BIOPSY FRCPS, SPOON TYPE OPTICAL | 2 |
| FLEXIBLE FOREIGN BODY FORCEPS 7F | 1 |
| CYSTO SHEATH 17FR | 2 |
| ATTACHMENT W/ AUTOVALVE FOR A3336 | 1 |
| STERILIZATION TRAY HOLDER | 5 |

TEMPLE ENT ***BRAND NAME OR EQUAL***

| ITEM DESCRIPTION | QTY |
|---|---|
| STROBOSCOPY SYSTEM | 1 |
| STERILE CASE FLEXIBLE VIDEO | 4 |

AUSTIN URO ***BRAND NAME OR EQUAL***

| ITEM DESCRIPTION | QTY |
|---|---|
| LUER-SPLIT FORCEPS/IRRIGATION PLUG | 12 |
| SEAL KIT, 6-12FR | 5 |
| UNIVERSAL STOPCOCK LUER LOCK | 12 |
| STERILIZATION TRAY | 6 |
| STERILIZATION MAT | 6 |
| MOBILE TROLLEY SET 3 | 1 |
| COMPACT LCD MONITOR ARM | 1 |
| HD-SDI CABLE | 1 |

SE ***BRAND NAME OR EQUAL***

| ITEM DESCRIPTION | QTY |
|---|---|
| SEMI INLINE RATCHET | 2 |
| MONOPOLAR HAND INSTRUMENT | 12 |
| DEACTIVATABLE RATCHET | 12 |
| FLUSHING PUMP | 2 |
Delivery and Acceptance
Delivery Location: All items shall be delivered to the designated central receiving warehouse at the Olin E. Teague Medical Center in Temple (1901 Veterans Memorial Drive building 206).
Delivery Documentation: The entire delivery must be accompanied by a single packing slip that details the contents, quantities, item descriptions, and corresponding purchase order number(s).
Acceptance: All delivered items will be inspected for compliance with the specifications. Acceptance by the Government shall be contingent upon the verification of all items listed in the table, their full compatibility with existing equipment, and their arrival in new, undamaged condition.
Quality Assurance
Product Standards: All consumables provided must meet or exceed the technical specifications defined by CTVHCS and must be manufactured in accordance with all applicable medical device quality standards.
Product Condition: All delivered items must be new, in original manufacturer-sealed packaging, and free from any defects or damage. Any defective or damaged items discovered upon inspection will be grounds for rejection of the entire lot.
Technical Support: The Contractor shall provide limited technical support to address any immediate issues regarding the delivered items' compatibility or performance with the leased equipment upon delivery.
TECHNICAL SPECIFICATIONS (BRAND NAME OR EQUAL)
| Department | Item Description | Technical Specifications |
|---|---|---|
| Temple Uro | LITHOTRIPSY TRANSDUCER | Technology: Compatible with dual-action lithotripsy systems purchased from Olympus. Combines ultrasonic and ballistic energy. Must provide a frequency range of 20-30 kHz for ultrasonic energy and a pressure range of 20-30 bar for ballistic energy. Control: Integrated single-handpiece activation with dedicated controls for power levels and suction. |
| Temple Uro | LITHOTRIPSY NOSE CONE | Design: Protective nose cone that securely attaches to the transducer. Compatibility: Compatible with a range of probe diameters, specifically from 1.5 mm to 3.76 mm. Must ensure full functionality and probe stability with VA-owned Olympus lithotripsy system. |
| Temple Uro | LITHOTRIPSY SYSTEM | Technology: Integrated system for fragmentation and aspiration of calculi. Must deliver a combined power output of at least 50W for ultrasonic energy. User Interface: Manual, single-handpiece activation with integrated suction control, eliminating the need for a footswitch. |
| Temple Uro | WORKING INSERT | Dimensions: Outer diameter of 8.5 mm and 8 French gauge. The working length must be between 30 cm and 40 cm. Construction: Modular and autoclavable, made from medical-grade stainless steel. Locking Mechanism: Features a secure locking system for quick and stable assembly. OES-PRO 8.5 MM 8FR. |
| Temple Uro | STERILIZATION TRAY | Materials: Anodized aluminum or sterilizable plastic. Features: Includes a base, a perforated lid, a locking mechanism, and silicone finger mats for instrument organization. Dimensions: Various sizes are acceptable, with a minimum internal dimension of 4" x 6.5" x 0.75". |
| Temple Uro | STERILIZATION MAT | Materials: High-grade silicone, temperature resistant up to 275°F (135°C). Features: Raised structures to cushion and protect instruments. |
| Temple Uro | BIOPSY FORCEPS | Application: Designed for optical biopsy procedures via an endoscope. Jaw Type: Spoon-shaped jaws. Material: Constructed from high-quality medical-grade stainless steel. Dimensions: Working length must be between 400 mm and 450 mm. Action: May feature a spring-loaded or double-action closure. Optical |
| Temple Uro | FLEXIBLE FOREIGN BODY FORCEPS | Size: 7 French gauge. Features: Double-action jaw for grasping foreign objects. The shaft must have a minimum diameter of 2.3 mm. Material: Flexible, medical-grade stainless steel shaft. Dimensions: Working length must be between 40 cm and 45 cm. |
| Temple Uro | CYSTO SHEATH | Size: 17 French gauge diameter. Configuration: May include one or more channels (e.g., for irrigation or a laser fiber) and stopcocks for fluid management. Compatibility: Compatible with standard rigid or flexible cystoscopes. Material: High-quality medical-grade metal (stainless steel). |
| Temple Uro | ATTACHMENT W/ AUTOVALVE | Compatibility: The attachment must be compatible with the specific legacy A3336 system. Features: Includes an integrated autovalve for automated irrigation and fluid control. Sterilization: Must be autoclavable. |
| Temple Uro | STERILIZATION TRAY HOLDER | Materials: High-quality stainless steel. Features: Durable and compatible with high-temperature sterilization methods. Includes a secure locking mechanism to hold trays during transport and sterilization. |
| Temple ENT | STROBOSCOPY SYSTEM | Technology: LED-based light source for vocal fold stroboscopy. Performance: Provides flicker-free images (frequency 60 Hz) and uniform illumination. The light intensity must be adjustable from 0 to 100%. Control: Includes an adjustable flash rate and brightness, compatible with a range of air and throat microphones. |
| Temple ENT | STERILE CASE FLEXIBLE VIDEO | Dimensions: Internal dimensions of at least 23.5" x 11" x 4". Function: Provides a sterile barrier for the storage and transport of flexible video endoscopes. Compatibility: Compatible with standard flexible video scopes with outer diameters of 2-5 mm and working lengths of 30-60 cm. |
| Austin Uro | LUER-SPLIT FORCEPS/IRRIGATION PLUG | Function: Reusable plug for controlling fluid flow through endoscope channels. Connection: Luer-split design for secure attachment to endoscopes. Compatibility: Compatible with standard endoscopy equipment (e.g., Olympus, Pentax, Fujinon). |
| Austin Uro | SEAL KIT, 6-12FR | Contents: Contains 12 silicone seals per box. Compatibility: Seals for urology accessories with diameters ranging from 6 to 12 French. Application: Used to create a leak-resistant seal to prevent fluid backflow. |
| Austin Uro | UNIVERSAL STOPCOCK LUER LOCK | Type: Universal stopcock with a luer lock connection. 75U. Function: Controls fluid flow with a 360-degree rotation. Material: Reusable, made from medical-grade materials, and autoclavable. |
| Austin Uro | MOBILE TROLLEY US SET | Features: A mobile trolley system with a minimum of three shelves, designed for medical equipment. Compatibility: Compatible with standard endoscopic tower components and monitors. The system must include integrated cable management and a minimum weight capacity of 200 lbs. Dimensions: Overall dimensions must not exceed 25"W x 25"D x 65"H. |
| Austin Uro | COMPACT LCD MONITOR ARM | Features: Articulating arm for mounting a compact LCD monitor. Mounting: VESA compatible (e.g., 75x75 mm and 100x100 mm). Capacity: Supports monitors with a maximum screen size of 27 inches and a maximum weight of 15 lbs. Installation: Provides integrated cable management. |
| Austin Uro | HD-SDI CABLE | Type: High-Definition Serial Digital Interface (HD-SDI) cable. Length: 6 feet (1.8 meters). Connectors: BNC type connectors with a locking mechanism. Performance: Ensures reliable transmission of high-definition video signals up to 3 Gbps. |
| SE | SEMI INLINE RATCHET | Length: 33 cm (approximately 13 inches). Design: Modular, two-piece, clamshell handle with a semi-inline configuration. Mechanism: Includes a semi-inline ratchet with a quick-release button. Sterilization: Autoclavable for reprocessing. |
| SE | MONOPOLAR LAPAROSCOPIC HAND INSTRUMENT | Size: Ergonomic, large (L) handle design for user comfort. Configuration: Three-part modular design with at least two joint mechanisms. Type: Monopolar for use with laparoscopic instruments. The handle must be compatible with standard 5mm and 10mm shafts. Sterilization: Autoclavable and designed for easy disassembly for cleaning. |
| SE | DEACTIVATABLE RATCHET | Size: Ergonomic, large (L) handle design. Mechanism: Includes a deactivatable ratchet mechanism for enhanced control. Configuration: Modular system compatible with laparoscopic instruments. |
| SE | ENDOSCOPE FLUSHING PUMP | Function: Endoscopic flushing pump for delivering irrigation fluid. Compatibility: Compatible with standard endoscope channels (with channel diameters from 2.0 to 4.0 mm). Performance: Provides controlled irrigation and aspiration with adjustable flow rates. |
VHA Point of Contact: Bell, Jessie A.
The C&A requirements do not apply. A security accreditation package is not required.
GENERAL. This entire section applies to all acquisitions requiring any Information Security and Privacy language. Contractors, contractor personnel, subcontractors and subcontractor personnel will be subject to the same federal laws, regulations, standards, VA directives and handbooks, as VA personnel regarding information and information system security and privacy.
VA INFORMATION CUSTODIAL LANGUAGE. This entire section applies to all acquisitions requiring any Information Security and Privacy language.
a. The Government shall receive unlimited rights to data/intellectual property first produced and delivered in the performance of this contract or order (hereinafter "contract") unless expressly stated otherwise in this contract. This includes all rights to source code and all documentation created in support thereof. The primary clause used to define Government and Contractor data rights is FAR 52.227-14, Rights in Data - General. The primary clause used to define computer software license (not data/intellectual property first produced under this contract or order) is FAR 52.227-19, Commercial Computer Software License.
b. Information made available to the contractor by VA for the performance or administration of this contract will be used only for the purposes specified in the service agreement, SOW, PWS, PD, and/or contract. The contractor shall not use VA information in any other manner without prior written approval from a VA Contracting Officer (CO). The primary clause used to define Government and Contractor data rights is FAR 52.227-14, Rights in Data - General.
c. VA information will not be co-mingled with any other data on the contractor's information systems or media storage systems. The contractor shall ensure compliance with Federal and VA requirements related to data protection, data encryption, physical data segregation, logical data segregation, classification requirements and media sanitization.
d. VA reserves the right to conduct scheduled or unscheduled audits, assessments, or investigations of contractor Information Technology (IT) resources to ensure information security is compliant with Federal and VA requirements. The contractor shall provide all necessary access to records (including electronic and documentary materials related to the contracts and subcontracts) and support (including access to contractor and subcontractor staff associated with the contract) to VA, VA's Office of Inspector General (OIG), and/or Government Accountability Office (GAO) staff during periodic control assessments, audits, or investigations.
e. The contractor may only use VA information within the terms of the contract and applicable Federal law, regulations, and VA policies. If new Federal information security laws, regulations or VA policies become applicable after execution of the contract, the parties agree to negotiate contract modification and adjustment necessary to implement the new laws, regulations, and/or policies.
f. The contractor shall not make copies of VA information except as specifically authorized and necessary to perform the terms of the contract. If copies are made for restoration purposes, after the restoration is complete, the copies shall be destroyed in accordance with VA Directive 6500, VA Cybersecurity Program and VA Information Security Knowledge Service.
g. If a Veterans Health Administration (VHA) contract is terminated for default or cause with a business associate, the related local Business Associate Agreement (BAA) shall also be terminated and actions taken in accordance with VHA Directive 1605.05, Business Associate Agreements. If there is an executed national BAA associated with the contract, VA will determine what actions are appropriate and notify the contractor.
h. The contractor shall store and transmit VA sensitive information in an encrypted form, using VA-approved encryption tools which are, at a minimum, Federal Information Processing Standards (FIPS) 140-2, Security Requirements for Cryptographic Modules (or its successor) validated and in conformance with VA Information Security Knowledge Service requirements. The contractor shall transmit VA sensitive information using VA approved Transport Layer Security (TLS) configured with FIPS based cipher suites in conformance with National Institute of Standards and Technology (NIST) 800-52, Guidelines for the Selection, Configuration and Use of Transport Layer Security (TLS) Implementations.
i. The contractor's firewall and web services security controls, as applicable, shall meet or exceed VA's minimum requirements.
j. Except for uses and disclosures of VA information authorized by this contract for performance of the contract, the contractor may use and disclose VA information only in two situations: (i) in response to a qualifying order of a court of competent jurisdiction after notification to VA CO; (ii) with written approval from the VA CO. The contractor shall refer all requests for, demands for production of or inquiries about, VA information and information systems to the VA CO for response.
k. Notwithstanding the provision above, the contractor shall not release VA records protected by Title 38 U.S.C. § 5705, Confidentiality of medical quality assurance records and/or Title 38 U.S.C. § 7332, Confidentiality of certain medical records pertaining to drug addiction, sickle cell anemia, alcoholism or alcohol abuse or infection with Human Immunodeficiency Virus (HIV). If the contractor is in receipt of a court order or other requests for the above-mentioned information, the contractor shall immediately refer such court order or other requests to the VA CO for response.
l. Information made available to the contractor by VA for the performance or administration of this contract or information developed by the contractor in performance or administration of the contract will be protected and secured in accordance with VA Directive 6500 and Identity and Access Management (IAM) Security processes specified in the VA Information Security Knowledge Service.
m. Any data destruction done on behalf of VA by a contractor shall be done in accordance with National Archives and Records Administration (NARA) requirements as outlined in VA Directive 6300, Records and Information Management, VA Handbook 6300.1, Records Management Procedures, and applicable VA Records Control Schedules.
n. The contractor shall provide its plan for destruction of all VA data in its possession according to VA Directive 6500 and NIST 800-88, Guidelines for Media Sanitization prior to termination or completion of this contract. If directed by the COR/CO, the contractor shall return all Federal Records to VA for disposition.
o. Any media, such as paper, magnetic tape, magnetic disks, solid state devices or optical discs that is used to store, process, or access VA information that cannot be destroyed shall be returned to VA. The contractor shall hold the appropriate material until otherwise directed by the Contracting Officer's Representative (COR) or CO. Items shall be returned securely via VA-approved methods. VA sensitive information must be transmitted utilizing VA-approved encryption tools which are validated under FIPS 140-2 (or its successor) and NIST 800-52. If mailed, the contractor shall send via a trackable method (USPS, UPS, FedEx, etc.) and immediately provide the COR/CO with the tracking information. Self-certification by the contractor that the data destruction requirements above have been met shall be sent to the COR/CO within 30 business days of termination of the contract.
p. All electronic storage media (hard drives, optical disks, CDs, back-up tapes, etc.) used to store, process or access VA information will not be returned to the contractor at the end of lease, loan, or trade-in. Exceptions to this paragraph will only be granted with the written approval of the VA CO.
ACCESS TO VA INFORMATION AND VA INFORMATION SYSTEMS. This section applies when any person requires access to information made available to the contractor by VA for the performance or administration of this contract or information developed by the contractor in performance or administration of the contract.
a. A contractor/subcontractor shall request logical (technical) or physical access to VA information and VA information systems for their employees and subcontractors only to the extent necessary to perform the services specified in the solicitation or contract. This includes indirect entities, both affiliate of contractor/subcontractor and agent of contractor/subcontractor.
b. Contractors and subcontractors shall sign the VA Information Security Rule of Behavior (ROB) before access is provided to VA information and information systems (see Section 4, Training, below). The ROB contains the minimum user compliance requirements and does not supersede any policies of VA facilities or other agency components which provide higher levels of protection to VA's information or information systems. Users who require privileged access shall complete the VA elevated privilege access request processes before privileged access is granted.
c. All contractors and subcontractors working with VA information are subject to the same security investigative and clearance requirements as those of VA appointees or employees who have access to the same types of information. The level and process of background security investigations for contractors shall be in accordance with VA Directive and Handbook 0710, Personnel Suitability and Security Program. The Office of Human Resources and Administration/Operations, Security and Preparedness (HRA/OSP) is responsible for these policies and procedures. Contract personnel who require access to classified information or information systems shall have an appropriate security clearance. Verification of a Security Clearance shall be processed through the Special Security Officer located in HRA/OSP. Contractors shall conform to all requirements stated in the National Industrial Security Program Operating Manual (NISPOM).
d. All contractors and subcontractors shall comply with conditions specified in VAAR 852.204-71(d); Contractor operations required to be in United States. All contractors and subcontractors working with VA information must be permanently located within a jurisdiction subject to the law of the United States or its Territories to the maximum extent feasible. If services are proposed to be performed abroad the contractor must state where all non-U.S. services are provided. The contractor shall deliver to VA a detailed plan specifically addressing communications, personnel control, data protection and potential legal issues. The plan shall be approved by the COR/CO in writing prior to access being granted.
e. The contractor shall notify the COR/CO in writing immediately (no later than 24 hours) after personnel separation or occurrence of other causes. Causes may include the following:
(1) Contractor/subcontractor personnel no longer has a need for access to VA information or VA information systems.
(2) Contractor/subcontractor personnel are terminated, suspended, or otherwise have their work on a VA project discontinued for any reason.
(3) Contractor believes their own personnel or subcontractor personnel may pose a threat to their company's working environment or to any company owned property. This includes contractor-owned assets, buildings, confidential data, customers, employees, networks, systems, trade secrets and/or VA data.
(4) Any previously undisclosed changes to contractor/subcontractor background history are brought to light, including but not limited to changes to background investigation or employee record.
(5) Contractor/subcontractor personnel have their authorization to work in the United States revoked.
(6) Agreement by which contractor provides products and services to VA has either been fulfilled or terminated, such that VA can cut off electronic and/or physical access for contractor personnel.
f. In such cases of contract fulfillment, termination, or other causes, the contractor shall take the necessary measures to immediately revoke access to VA network, property, information, and information systems (logical and physical) by contractor/subcontractor personnel. These measures include (but are not limited to): removing and then securing Personal Identity Verification (PIV) badges and PIV Interoperable (PIV-I) access badges, VA-issued photo badges, credentials for VA facilities and devices, VA-issued laptops, and authentication tokens. Contractors shall notify the appropriate VA COR/CO immediately to initiate access removal.
g. Contractors/subcontractors who no longer require VA accesses will return VA issued property to VA. This property includes (but is not limited to): documents, electronic equipment, keys, and parking passes. PIV and PIV-I access badges shall be returned to the nearest VA PIV Badge Issuance Office. Once they have had access to VA information, information systems, networks and VA property in their possessions removed, contractors shall notify the appropriate VA COR/CO.
TRAINING. This entire section applies to all acquisitions which include section 3.
a. All contractors and subcontractors requiring access to VA information and VA information systems shall successfully complete the following before being granted access to VA information and its systems:
(1) VA Privacy and Information Security Awareness and Rules of Behavior course (Talent Management System (TMS) #10176) initially and annually thereafter.
(2) Sign and acknowledge (electronically through TMS #10176) understanding of and responsibilities for compliance with the Organizational Rules of Behavior, relating to access to VA information and information systems initially and annually thereafter; and
(3) Successfully complete any additional cyber security or privacy training, as required for VA personnel with equivalent information system or information access [to be defined by the VA program official and provided to the VA CO for inclusion in the solicitation document i.e., any role-based information security training].
b. The contractor shall provide to the COR/CO a copy of the training certificates and certification of signing the Organizational Rules of Behavior for each applicable employee within five days of the initiation of the contract and annually thereafter, as required.
c. Failure to complete the mandatory annual training is grounds for suspension or termination of all physical or electronic access privileges and removal from work on the contract until such time as the required training is complete.
SECURITY INCIDENT INVESTIGATION. This entire section applies to all acquisitions requiring any Information Security and Privacy language.
a. The contractor, subcontractor, their employees, or business associates shall immediately (within one hour) report suspected security/privacy incidents to the VA OIT's Enterprise Service Desk (ESD) by calling (855) 673-4357 (TTY: 711). The ESD is OIT's 24/7/365 single point of contact for IT-related issues. After reporting to the ESD, the contractor, subcontractor, their employees, or business associates shall, within one hour, provide the COR/CO the incident number received from the ESD.
b. To the extent known by the contractor/subcontractor, the contractor/subcontractor's notice to VA shall identify the information involved and the circumstances surrounding the incident, including the following:
(1) The date and time (or approximation of) the Security Incident occurred.
(2) The names of individuals involved (when applicable).
(3) The physical and logical (if applicable) location of the incident.
(4) Why the Security Incident took place (i.e., catalyst for the failure).
(5) The amount of data belonging to VA believed to have been compromised.
(6) The remediation measures the contractor is taking to ensure no future incidents of a similar nature.
c. After the contractor has provided the initial detailed incident summary to VA, they will continue to provide written updates on any new and relevant circumstances or facts they discover. The contractor, subcontractor, and their employees shall fully cooperate with VA or third-party entity performing an independent risk analysis on behalf of VA. Failure to cooperate may be deemed a material breach and grounds for contract termination.
d. VA IT contractors shall follow VA Handbook 6500, Risk Management Framework for VA Information Systems - VA Information Security Program, and VA Information Security Knowledge Service guidance for implementing an Incident Response Plan or integrating with an existing VA implementation.
e. In instances of theft or break-in or other criminal activity, the contractor/subcontractor must concurrently report the incident to the appropriate law enforcement entity (or entities) of jurisdiction, including the VA OIG, and the VA Office of Security and Law Enforcement. The contractor, its employees, and its subcontractors and their employees shall cooperate with VA and any law enforcement authority responsible for the investigation and prosecution of any possible criminal law violation(s) associated with any incident. The contractor/subcontractor shall cooperate with VA in any civil litigation to recover VA information, obtain monetary or other compensation from a third party for damages arising from any incident, or obtain injunctive relief against any third party arising from, or related to, the incident.
f. The contractor shall comply with VA Handbook 6500.2, Management of Breaches Involving Sensitive Personal Information, which establishes the breach management policies and assigns responsibilities for the oversight, management and reporting procedures associated with managing of breaches.
g. With respect to unsecured Protected Health Information (PHI), the contractor is deemed to have discovered a data breach when the contractor knew or should have known of breach of such information. When a business associate is part of VHA contract, notification to the covered entity (VHA) shall be made in accordance with the executed BAA.
h. If the contractor or any of its agents fails to protect VA sensitive personal information or otherwise engages in conduct which results in a data breach involving any VA sensitive personal information the contractor/subcontractor processes or maintains under the contract, the contractor shall pay liquidated damages to the VA as set forth in clause 852.211-76, Liquidated Damages Reimbursement for Data Breach Costs.
Records Management
NARA Records Management Language for Contracts (May 2017)
Contractor shall comply with all applicable records management laws and regulations, as well as National Archives and Records Administration (NARA) records policies, including but not limited to the Federal Records Act (44 U.S.C. chs. 21, 29, 31, 33), NARA regulations at 36 CFR Chapter XII Subchapter B, and those policies associated with the safeguarding of records covered by the Privacy Act of 1974 (5 U.S.C. 552a). These policies include the preservation of all records, regardless of form or characteristics, mode of transmission, or state of completion.
In accordance with 36 CFR 1222.32, all data created for Government use and delivered to, or falling under the legal control of, the Government are Federal records subject to the provisions of 44 U.S.C. chapters 21, 29, 31, and 33, the Freedom of Information Act (FOIA) (5 U.S.C. 552), as amended, and the Privacy Act of 1974 (5 U.S.C. 552a), as amended and must be managed and scheduled for disposition only as permitted by statute or regulation.
In accordance with 36 CFR 1222.32, Contractor shall maintain all records created for Government use or created in the course of performing the contract and/or delivered to, or under the legal control of the Government and must be managed in accordance with Federal law. Electronic records and associated metadata must be accompanied by sufficient technical documentation to permit understanding and use of the records and data.
Central Texas Veterans Health Care System and its contractors are responsible for preventing the alienation or unauthorized destruction of records, including all forms of mutilation. Records may not be removed from the legal custody of Central Texas Veterans Health Care System or destroyed except for in accordance with the provisions of the agency records schedules and with the written concurrence of the Head of the Contracting Activity. Willful and unlawful destruction, damage or alienation of Federal records is subject to the fines and penalties imposed by 18 U.S.C. 2701. In the event of any unlawful or accidental removal, defacing, alteration, or destruction of records, Contractor must report to Central Texas Veterans Health Care System. The agency must report promptly to NARA in accordance with 36 CFR 1230.
The Contractor shall immediately notify the appropriate Contracting Officer upon discovery of any inadvertent or unauthorized disclosures of information, data, documentary materials, records or equipment. Disclosure of non-public information is limited to authorized personnel with a need-to-know as described in the [contract vehicle]. The Contractor shall ensure that the appropriate personnel, administrative, technical, and physical safeguards are established to ensure the security and confidentiality of this information, data, documentary material, records and/or equipment is properly protected. The Contractor shall not remove material from Government facilities or systems, or facilities or systems operated or maintained on the Government's behalf, without the express written permission of the Head of the Contracting Activity. When information, data, documentary material, records and/or equipment is no longer required, it shall be returned to Central Texas Veterans Health Care System control, or the Contractor must hold it until otherwise directed. Items returned to the Government shall be hand carried, mailed, emailed, or securely electronically transmitted to the Contracting Officer or address prescribed in the [contract vehicle]. Destruction of records is EXPRESSLY PROHIBITED unless in accordance with Paragraph (4).
The Contractor is required to obtain the Contracting Officer's approval prior to engaging in any contractual relationship (sub-contractor) in support of this contract requiring the disclosure of information, documentary material and/or records generated under, or relating to, contracts. The Contractor (and any sub-contractor) is required to abide by Government and Central Texas Veterans Health Care System guidance for protecting sensitive, proprietary information, classified, and controlled unclassified information.
The Contractor shall only use Government IT equipment for purposes specifically tied to or authorized by the contract and in accordance with Central Texas Veterans Health Care System policy.
The Contractor shall not create or maintain any records containing any non-public Central Texas Veterans Health Care System information that are not specifically tied to or authorized by the contract.
The Contractor shall not retain, use, sell, or disseminate copies of any deliverable that contains information covered by the Privacy Act of 1974 or that which is generally protected from public disclosure by an exemption to the Freedom of Information Act.
The Central Texas Veterans Health Care System owns the rights to all data and records produced as part of this contract. All deliverables under the contract are the property of the U.S. Government for which Central Texas Veterans Health Care System shall have unlimited rights to use, dispose of, or disclose such data contained therein as it determines to be in the public interest. Any Contractor rights in the data or deliverables must be identified as required by FAR 52.227-11 through FAR 52.227-20.
Training. All Contractor employees assigned to this contract who create, work with, or otherwise handle records are required to take VHA-provided records management training, Talent Management System (TMS) Item #3873736, Records Management for Records Officers and Liaisons (WBT). The Contractor is responsible for confirming training has been completed according to agency policies, including initial training and any annual or refresher training.